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AMENpMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the application. 

Claim 1 (Currently Amended): A metliod for enabling secure communication between a 
client on an open network and a server apparatus on a secure network, the method performed on 
an intermediary apparatus coupled to the secure network and the open network., comprising: 

negotiatin g, with the intemiediarv apparams. a secure communications session with the 
client apparatus via the open networ k, wherein the secure communications session provides for 
communication of apt^lication data from the client to the intermediary apparatus via a plurality of 
security records, and wherein one or more of the security records includes encivpted application 
data spanning multiple data packets : 

negotiatin g, with the intermediaiy apparatus^ an open communications session with the 
server via the secure network; 

receivin g, with the intermediary apparatus, one or more of the data packets for a first one 
of the seciiri tv records using the secure communications session- enervpt e d pack e t application 
datfrfor - ft - s e ettri t y - rooord opoBning - multipl e data paokets, wher e in the QCcurit>^ rocord hofl a longth 
g f cftter - tfion a packct length aasooiated with th e multiplo data paokota ; 

prior to receiving a final packet of the first one of the security records, processing the one_ 
or more data packets of the first one of the security records with the intermediary apparatus by 
decrypting the encrypted paefeet application data in eaeh the received, d ata packets^[[;l] 
forwarding decrypted^ unauthenticated application data from the intermediary apparatus to the 
server via the secure network prior to authenticating the first one of the security records with the 
intermediary apparatus J F:!! and discarding at least a portion of the decrypted, unauthenticated 
paokot application data for the first one of the security records prior to rccoiving a fined pack e t of 
A c -s oeurity r e cord ; and 

upon receipt of the final packet of the first one of the security records, processing a 
remaining, non-discarded portion of the decrypted, unauthenticated application data for the first 
one of the security records to authenticate a uthonticating the first one of the security recordswr^ 
the intermediary apparatu3_ on rocoipt of the finoJ paoket of the oocurity record . 
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Claim 2 (Previoiisly Presented): The method of claim 1 wherein forwarding iududes: 
forwarding data which spans over multiple TCP segments. 

Claim 3 (Cancelled). 

Claim 4 (Currently Amended): The method of claim 1 

wherein ealy thea remainin g, non-discarded portion of the paefcet application data for the 
first one of the security records is buffered bvthe intermediary; apparatus as a minimal length 
sufficient to complete a block cipher used to encrypt the data. 

Claim 5 (Currently Amended): The method of claim 1 wherein authenticating includes 
authenticating the decrypted data for the jSrst one of the s ecurity records upon receiving a final 
TCP segment of a multi-segment encrypted data stream and after forwarding the decrypted, 
unauthenticated application data received prior to the final TCP segment. 

Claim 6 (Currently Amended): The method of claim 1 further including, after forwarding 
the decrypted, unauthenticated application data to the server, notifying the client apparatus if a 
failure in authenticating the first one of the s ecurity records occurs. 
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Claim 7 (Currently Ameud^): A method for processing encrypted data transferred 
between a first system and a second system, comprising: 

providing an accelerator device including a decryption engine in commimication with the 
first system via an open network and the second system via a secure network, 

receiving encrypted application d ata from the first system via the open network in the 
form of security records commtmicated through a secure communications session, wherein one 
or more of the security records span applioation dato flpanninfi m^JJtiple packets, and w herein a 
last packet of the multiple packets in each of the security records includes information for 
authenticating the application data contained within that security record ; 

as the multiple packets are received for any of the plurality of seciiritv records, processing 
the multiple packets for that security record by : 

(i) decryptin g, with the accelerator device, the application data contained within 
the multiple packets as the mulriplo paokoto ore reo e ived ; 

fii) forwarding the decrypted application data as th e multipl e pook e tg aaFe- 
dooryptod from the accelerator device t o the second system d evice via tJ^e secure network 
as the multiple packets of the security record are decrypted bv the accelerator device : 

(iii) buffering, with the accelerator device, a first p ortion of the decrypted 
application data for the security record and discarding a remaining second p ortion prior to 
authentication of the Explication data of the security record : and 

fiv) after discarding the second pOTtion_of the decrypted application data for the 
security record and upon receiving the information for autheoticatine the ap plication data 
in the last of the multiple packets for the security records authenticating the buffered, fu-st 
t>ortion of the application data of the security record w h e n th e information for - 
authontioating th e application data ig roo eiv ed - in - th e last of th e multipl e pae ke te . 

Claim 8 (Previously Presented): The method of claim 7 wherein receiving comprises 
receiving SSL encrypted data. 

Claim 9 (Previously Presented): The method of claim 7 wherein decrypting comprises 
decrypting application data encrypted using SSL and a DES algorithm. 
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Claims 10-11 (Cancelled) 

Claim 12 (Previously Presented): The method of claim 7 wherein buffering comprises 
buffering the application data for a minimal length less than a security record but sufficient to 
complete a block cipher used to encrypt the data. 

Claim 13 (Original): The method of claim 12 wherein said block cipher is a form of DBS, 

Claim 14 (Currently Amended): The method of claim 7 wherein authenticating includes 
alerting the first system d evtee if authenticating fails after forwarding the decrypted, 
unauthenticated application data that is received prior to the last one of the multiple packets. 

Claim 1 5 (Currently Amended): The method of claim 7 wherein authenticating includes 
generating a reset to the second system d eviee if said authenticating fails. 

Claim 1 6 (Currently Amended): A method of providing secure communications using 
limited buffer memory in an proc e ssing intermediary d evice, the secure communications 
providing a plurality of secure socket layer (SSD records over an SSL session, the method, 
comprising: 

receivin g, with the intermediary device, encrypted data for a portion of an SSL recortL 
wherein the SSL record has- havteg a length greater than a TCP segment carrying said data; 

buffering the encrypted data of the received portion of the SSL record in a memory buffer 
in the intermediary device, the buffer having a length equivalent to a block cipher size necessary 
to perform the cipher; 

decrypti ng, with the intermediary device, the buffered flogmont of th e rec e iv e d portion_of„ 
tfje.encrypted data to provide decrypted application data; and 

forwarding the decrypted application data from the intermediary device t o a destination 
device prior to authenticating the SSL record with the intermediary de3dce . 
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Claim 1 7 (Original): The method of claim 1 6 wherein the block cipher is 3DES. 

CUim 1 8 (Original): The method of claim 1 6 wherein the block cipher is DES. 

Claim 1 9 (Currently Amended): The method of claim 1 6 further including authenticating the 
data witl^ the ititermediaiv device on receipt of a final segment of the encrypted data by the 
intermediary device a fter forwarding the unauthenticated application data of the SSL security 
record t hQt -4 9 - r e o e iv e d prior to tb 6 final se gm e nt . 

Claim 20 (Previously Presented): The method of claim 19 fiorther including generating an 
alert if authenticating results in a feilure. 
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